The Public Eye with Eric Chabrow

Limiting Use of Laptop Monitoring Tools

When Federal Agencies Should, Shouldn't Snoop on Their Workers
Limiting Use of Laptop Monitoring Tools

Some U.S. federal agencies seem to be going too far in monitoring their employees' communications activities on their government-issued laptop computers.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

A news report, published by the Washington Post on Aug. 17, says several federal agencies have installed monitoring software from SpectorSoft that can track an employee's keystrokes, retrieve files from hard drives and search for keywords. Besides monitoring e-mail messages, SpectorSoft also can be programmed to intercept social media postings.

No doubt, the government has legitimate fears about the insider threat, employees disclosing secret and sensitive information without authorization, and should take steps to prevent them. And, they're earmarking lots of money to do just that. Spending on protecting and maintaining classified information systems by nonintelligence agencies soared by 20 percent between 2010 and 2011 to $5.65 billion, according to the 2011 Cost Report from the federal Information Security Oversight Office.

Hampering Whistleblowers

But such monitoring has a downside. Many whistleblowers perform important roles in alerting the public to misuse of government funds and unethical conduct by colleagues and managers. Monitoring software could hamper well-intended public servants from tipping off the public about such abuse.

As the story points out, the government has monitored federal workers - including Food and Drug Administration scientists, starting in 2010 - when they use Gmail, Yahoo or other personal e-mail accounts on government computers. Although the FDA has said it acted out of concern that the scientists were improperly sharing trade secrets, the story says, the scientists have argued in a lawsuit that they were targeted because they were blowing the whistle on what they thought had been an unethical review process.

"Nobody's reading anybody's e-mail here," Rob Carey, the Defense Department's principal deputy chief information officer tells the Post. "The FDA case would not happen here. We have rules in place. There has to be probable cause. It appears that there was monitoring going on that shouldn't have been."

Each agency sets its own rules on when and how to use monitoring software.

Privacy advocates say the use of monitoring software can result in the over-collection of data, leaving managers the choice of what they will review and why. "There's always the ability for a human being to come in after the fact and look through communications," Seth David Schoen of the Electronic Frontier Foundation, a digital advocacy group, tells the Post. "And there will be a trove of communications there for them to look through retrospectively."

Agencies shouldn't be prevented from monitoring activities on government-issued computing devices. But they should be transparent about how they employ monitoring software and limit its use to prevent the illicit disclosure of sensitive and classified materials.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.